DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Valid

No withdrawal function for auctionToken in FjordAuctionFactory

Summary

The FjordAuctionFactory contract has the ability to create new auction contracts through the createAuction function.
When an auction ends with no bids, the auctionToken will be transferred to the owner (factory contract).
However, the FjordAuctionFactory contract lacks a mechanism to withdraw the auctionToken from the contract.

Vulnerability Details

The FjordAuction contract is created by the FjordAuctionFactory through the createAuction function.
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuctionFactory.sol#L59

The owner of the auction is set as the address of the factory contract.
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L134

When an auction ends with no bids, the auctionToken is transferred to the factory contract.
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L193

However, there is no way to withdraw the auctionToken from the FjordAuctionFactory contract.

Impact

The owner of the FjordAuctionFactory contract is unable to withdraw the auctionToken from the contract.

Tools Used

Manual review

Recommendations

Recommend adding a function to withdraw the auctionToken from the FjordAuctionFactory contract.
The other option is to pass the address of the owner to the FjordAuction contract.
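One way to implement the first recommendation, a owner-only sweep of any ERC20 balance the factory ends up holding. This is an added illustration, not code from the Fjord repository: the contract name, the `recoverToken` function and the plain `owner` field are assumptions, and the OpenZeppelin imports are the standard ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative factory fragment (not the project's code). Assumes a single
/// `owner` set at deployment; the real factory's access control may differ.
contract AuctionFactoryRecovery {
    using SafeERC20 for IERC20;

    address public owner;

    event TokensRecovered(address indexed token, address indexed to, uint256 amount);

    error NotOwner();
    error ZeroAddress();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Sweep an ERC20 balance held by the factory, for example the auctionToken
    /// that an auction returns to its owner when it ends with zero bids.
    /// Restricted to the owner so the factory is not an open faucet, and
    /// using SafeERC20 so non-standard tokens that return no bool still revert
    /// on failure instead of silently reporting success.
    function recoverToken(IERC20 token, address to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert ZeroAddress();
        token.safeTransfer(to, amount);
        emit TokensRecovered(address(token), to, amount);
    }
}
```

The emitted event gives the team an on-chain record of every recovery, which is worth monitoring since this path should fire only after a no-bid auction.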

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

If no bids are placed during the auction, the `auctionToken` will be permanently locked within the `AuctionFactory`

An auction with 0 bids will get the `totalTokens` stuck inside the contract.
Impact: High - Tokens are forever lost
Likelihood: Low - Super small chances of happening, but not impossible
